Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program
A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac.
Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all sensitive data stored in the Keychain app.
Henze said he decided to reveal the details to Apple because the bug "is very critical and because the security of macOS users is important to me."
After Henze released the video in early February, Apple's security team reached out to him, but the researcher said he wouldn't disclose the details without a cash reward, arguing that discovering the vulnerabilities takes time.
"Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.
Popular Stories
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13.
The iPhone 14 Pro and iPhone 14 Pro Max are expected...
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports.
Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...
Last year's iPhone 13 Pro models were the first of Apple's smartphones to come with 120Hz ProMotion displays, and while the two iPhone 14 Pro models will continue to feature the technology, their screens could well boast expanded refresh rate variability this time round.
To bring ProMotion displays to the iPhone 13 Pro models, Apple adopted LTPO panel technology with variable refresh...
Apple has silently increased the price of its Apple Music subscription for college students in several countries, with the company emailing students informing them their subscription would be slightly increasing in price moving forward. The price change is not widespread and, based on MacRumors' findings, will impact Apple Music student subscribers in but not limited to Australia, the...
Apple is one of several companies that have held talks with Electronic Arts (EA) about a potential purchase, according to a new report from Puck.
EA has spoken to several "potential suitors," including Apple, Amazon, and Disney as it looks for a merger arrangement. Apple and the other companies declined to comment, and the status of the talks is not known at this time, but Apple does have an ...
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max.
Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
Top Rated Comments
Thank you, Linus.
Now, Apple, listen to the people, and start bug bounty program.